Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-47841

Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

XMLWordPrintable

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Steps to Reproduce:

      1. Install CQ "1.0.618" or "1.0.618.001"
      2. Make sure that CQ does not have anonymous access
      3. Browse through Confluence as anonymous
      4. Do a search

      Expected Results:

      Results should not contain anything from Questions.

      Actual Results:

      Results show Questions topics, but upon clicking on them, user is redirected to login page.

            [CONFSERVER-47841] Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

            dave (Inactive) added a comment -

            This issue is no longer present in the latest version available for download at:

            https://marketplace.atlassian.com/plugins/com.atlassian.confluence.plugins.confluence-questions

            dave (Inactive) added a comment - This issue is no longer present in the latest version available for download at: https://marketplace.atlassian.com/plugins/com.atlassian.confluence.plugins.confluence-questions

            Alexander Markov (Inactive) added a comment -

            CVSS score: 5.0 => Medium severity

            Exploitability Metrics

            AccessVector Network
            AccessComplexity Low
            Authentication None

            Impact Metrics

            ConfImpact Partial
            IntegImpact None
            AvailImpact None

            See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator.

            https://extranet.atlassian.com/display/SECCOUNCIL/HOWTO+-+Fixing+JIRA+Security+Issues
            https://extranet.atlassian.com/display/SECCOUNCIL/HOWTO+-+Fixing+Confluence+Security+Issues

            Alexander Markov (Inactive) added a comment - CVSS score: 5.0 => Medium severity Exploitability Metrics AccessVector Network AccessComplexity Low Authentication None Impact Metrics ConfImpact Partial IntegImpact None AvailImpact None See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator. https://extranet.atlassian.com/display/SECCOUNCIL/HOWTO+-+Fixing+JIRA+Security+Issues https://extranet.atlassian.com/display/SECCOUNCIL/HOWTO+-+Fixing+Confluence+Security+Issues

              Unassigned Unassigned
              htoussi HosseinA
              Affected customers:
              1 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: